Penetration Testing

We perform both Web application and infrastructure penetration testing and our integrated approach means we don't just give you a list of problems but help you solve them and address their root causes now and in the future. 

"A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders (who do not have an authorised means of accessing the organisation’s systems) and/or malicious insiders (who have some level of authorised access)." - Council of Registered Ethical Security Testers (CREST)

Penetration testing of Internet-facing applications and infrastructure is an essential necessity for any online business. Penetration testing gives you the assurance that all the hard work you have invested in designing and implementing secure infrastructure or applications has paid off and your product or service won't fall apart when subjected to malicious activity - as eventually it will be.

Traditional penetration testing concludes with the delivery of a report at the end of the penetration test. It lists identified issues and makes recommendations and you are left to address the issues. No wonder many organisations find it difficult to actually improve security of their IT by conducting penetration tests alone - it takes much more to consistently operate secure services or release secure applications than just a penetration test. After we issue the penetration testing report we can work with your technical team to address both the specific security issues as well as their root causes.

Our penetration testing is conducted by CREST Registered Penetration Tester according to industry guidelines set by CREST, OSSTM and OWASP and with reference to recognised frameworks such as CWE, CVSS and BSIMM.

Following the conclusion of the penetration testing engagement we issue a certificate of penetration testing / a letter of assurance that can be shared with third parties such as customers, investors and regulators provided no significant or material security issues were identified.

We perform both white and black box penetration testing as well as security reviews.